smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

52ead6498383866db8a8e2209bf2c8ecfb8e7adf74d81708aca521b386b6d3fe
Size

312KB
Sample

240627-tccb7sydmc
MD5

cd48baa47ec1950e8a75f7d9cf530164
SHA1

954632da2a6db32b43c4d2700e5f93657804afd6
SHA256

52ead6498383866db8a8e2209bf2c8ecfb8e7adf74d81708aca521b386b6d3fe
SHA512

70809f63eaa6e165924c15e99e8a1c64540ea4260a91e03a94769112c8becf746330c807c18ffc7711d81f8cc2dda53e27f214a36b13162fe873c759e4741375
SSDEEP

6144:/CtaLdcNK9CHuFLiz7UnROWJgZtQcz7vsrj:/CABUK92uczIQZt5f0r

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2022

http://movlat.com/tmp/

http://llcbc.org/tmp/

http://lindex24.ru/tmp/

http://qeqei.xyz/tmp/

rc4.i32

Targets

- Target
  
  52ead6498383866db8a8e2209bf2c8ecfb8e7adf74d81708aca521b386b6d3fe
- Size
  
  312KB
- MD5
  
  cd48baa47ec1950e8a75f7d9cf530164
- SHA1
  
  954632da2a6db32b43c4d2700e5f93657804afd6
- SHA256
  
  52ead6498383866db8a8e2209bf2c8ecfb8e7adf74d81708aca521b386b6d3fe
- SHA512
  
  70809f63eaa6e165924c15e99e8a1c64540ea4260a91e03a94769112c8becf746330c807c18ffc7711d81f8cc2dda53e27f214a36b13162fe873c759e4741375
- SSDEEP
  
  6144:/CtaLdcNK9CHuFLiz7UnROWJgZtQcz7vsrj:/CABUK92uczIQZt5f0r
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2